The Elder Scrolls Online

Scammers are masquerading as The Elder Scrolls Online developers and sending PlayStation private messages that state your account will be banned if you do not provide your login credentials.

If you play online games, especially shooters and MMORPGs, you are likely familiar with users being banned from games for cheating or even suspected cheating. There have also been many cases where users are banned for no reason that they know of, and trying to get their accounts reinstated can be an ordeal.

In a new phishing scam shared by a recipient on Reddit, scammers are pretending to be Elder Scrolls Online developers and stating that unusual activity has been detected on the account that is in violation of the game's Terms of Service.

It then tells the recipient that they have 15 minutes to send the 'ElderScrollDevs' their email address, password, and date of birth or the account will be banned.

Elder Scrolls Online Phishing Scam

The full text of this phishing scam can be read below:

We have noticed some unusual activity involving this Account. To be sure you are the rightful owner, we require you to response to this alert with the following Account information so that you may be verified, 

- Email Address
- Password
- Date of Birth on the Account

In response to a violation of these Terms of Service, ZeniMax may issue you a warning, suspend or restrict certain features of the Account. We may also immediately terminate any and all Accounts that You have established. Temporarily or permanently ban the Account, device, and/or machine from accessing, receiving, playing or using all or certain Services.

Under the current circumstances, you have 15 minutes from opening this alert to respond with the required information. Failure to do so will result in an immediate Account Ban, permanently losing online access to our servers on all platforms, along with all characters associated with the account in question. Please be sure to double check your information spelling before sending.

It is important to remember that if there is an issue with your account, a company will either contact you directly via email from their company domain or via their web site.

Any messages you receive on a console's gaming service should always be treated as suspect and ignored, especially if they ask for your password, which a company will never do.

Points to keep in mind when it comes to phishing

When it comes to online phishing scams like these, there are a few points that you should always remember:

  1. Developers and companies will never ask for your password. If you receive any emails or messages asking for your password, you should immediately be suspicious and disregard the message or contact the developer or company through their official site.
  2. No company is going to demand you respond within a short time frame. The fact that this scam is asking you to respond within 15 minutes is purely meant as a pressure tactic to scare the recipient and get them to respond without thinking.
  3. As Malwarebytes stated, everyone should use 2-factor authentication (2FA) on their account. With 2FA enabled, even if you mistakenly give your password to a scammer, they will not be able to log in without knowing your 2FA code.
  4. Finally, make sure you only enter your login credentials directly on the site for the service you are logging into.

Phishing is not going away and is a lucrative business for scammers, so it is important to be aware of how to spot scams and to never provide your login credentials unless you know for sure you are on the legitimate site.
